Hey ron4mac,
Thanks for your reply. It is appreciated.
The code you posted seems to be for someone who registers, then they are automatically logged in?
What I was looking for was a way to pass user SSL certificate information from Apache into CPG. I don't know if I was clear on my intentions. It is hard to describe something that you cannot figure out...lol.
I did a boatload more research and came up with a working solution... for now.
I found a post
http://forum.coppermine-gallery.net/index.php/topic,75543.msg366736.html?PHPSESSID=t15n4cu9askkr1ukn6hd5f3hs3#msg366736 that shows adding:
<tr>
  <td colspan=2 align=center>
    <Iframe src="loginchoice.php" width="100%" height="450" frameborder=0 seamless></Iframe>
  </td>
</tr>
right after line 162 of login.php.
This got me pointed in the right direction. At least I think so. I am concerned about security, so hopefully my methods aren't leaving too much "in the clear."
I added the following code to login.php, after line 136:
line 136: $login_method = $lang_login_php[$CONFIG['login_method']];
This code starts a session and sets the header info picked up from Apache to $_SESSION variables that can be shared with loginchoice.php:
// Start a session to pass apache SSL values to loginchoice.php
session_start();
foreach (getallheaders() as $name => $value) {
    //echo "$name: $value <br />\n";
    switch ($name) {
        case "SSL_CLIENT_S_DN":
            $_SESSION["SSL_CLIENT_S_DN"] = $value;
            break;
        case "SSL_CLIENT_VERIFY":
            $_SESSION["SSL_CLIENT_VERIFY"] = $value;
            break;
        case "SSL_CLIENT_I_DN":
            $_SESSION["SSL_CLIENT_I_DN"] = $value;
            break;
        case "SSL_CLIENT_S_DN_CN":
            $_SESSION["SSL_CLIENT_S_DN_CN"] = $value;
            break;
    }
}
In Apache I sent the certificate details using:
RequestHeader set SSL_CLIENT_S_DN %{SSL_CLIENT_S_DN}s
RequestHeader set SSL_CLIENT_VERIFY %{SSL_CLIENT_VERIFY}s
RequestHeader set SSL_CLIENT_I_DN %{SSL_CLIENT_I_DN}s
RequestHeader set SSL_CLIENT_S_DN_CN %{SSL_CLIENT_S_DN_CN}s
Then in loginchoice.php I put in a bunch of validation code and used the PHP explode function to grab the pieces of the SSL certs that I needed.
The part needed to add a button to the login page that, once clicked, logs the user in with a prefilled username and password is:
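// Escape the values before placing them inside HTML attributes
$safe_username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
$safe_password = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');
echo <<< EOT
<form action="login.php" method="post" name="loginbox" id="cpgform" target="_top" >
<input type="hidden" name="username" value="{$safe_username}" />
<input type="hidden" name="password" value="{$safe_password}" />
<input type="submit" class="buttonStyle0" name="submitted" value="Auto-SignIn as {$safe_username}" />
</form>
EOT;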
Now when a user logs in with their smartcard, the username and password are automatically put into the button.
I hope that this is a secure way of doing this. The only way to access the Coppermine Gallery is to log in with a smartcard. I believe that this username and password are just redundant.
The reason for it is that I wanted users to be able to see who has posted what pictures (by their name) and not some "wonky" username that they make up.
Sorry for the long reply... I just wanted to share this... just in case someone else down the road wants to do something similar.
My big concern with this CMS is that all these modifications seem to require modifying core files, such as index.php, login.php, etc...
What happens when I update to the next Coppermine release? That is a lot of stuff to keep track of.
I know I have to figure out how to write plugins, but first I need my site up and running.
Thanks again for your reply,
SUB
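
An added example (not part of the original post and not Coppermine code) of the kind of validation the post describes doing in loginchoice.php before trusting the forwarded certificate values: the identity is accepted only when SSL_CLIENT_VERIFY is SUCCESS and the issuer matches, and the CN is then extracted from the subject DN. The function names, the expected issuer string and the sample values are assumptions.

```php
<?php
// Added example, not Coppermine code. Function names, the expected issuer
// string and the sample values at the bottom are assumptions / constructed.

/** Split an RFC 2253-style DN ("CN=Jane Doe,OU=People,O=Example") into attributes. */
function parse_dn(string $dn): array
{
    $attrs = [];
    // Split on commas that are not backslash-escaped inside a value.
    foreach (preg_split('/(?<!\\\\),/', $dn) as $rdn) {
        $pair = explode('=', $rdn, 2);
        if (count($pair) !== 2) {
            continue; // malformed component, ignore it
        }
        $key = strtoupper(trim($pair[0]));
        // Unescape "\," and keep only the first value seen for each attribute.
        $attrs[$key] = $attrs[$key] ?? stripslashes(trim($pair[1]));
    }
    return $attrs;
}

/** Return the certificate CN, or null when the values must not be trusted. */
function client_cert_cn(array $vars, string $expectedIssuerDn): ?string
{
    // mod_ssl reports SUCCESS only for a certificate that verified against a
    // trusted CA; the other values are NONE, GENEROUS and FAILED:reason.
    if (($vars['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS') {
        return null;
    }
    // Accept only certificates issued by the expected smartcard CA.
    if (($vars['SSL_CLIENT_I_DN'] ?? '') !== $expectedIssuerDn) {
        return null;
    }
    $cn = parse_dn($vars['SSL_CLIENT_S_DN'] ?? '')['CN'] ?? '';
    // Allow only characters expected in a display name.
    if ($cn === '' || !preg_match('/^[A-Za-z0-9 .,\'-]{1,64}$/', $cn)) {
        return null;
    }
    return $cn;
}

// Constructed sample values: one verified certificate, one request without a certificate.
$issuer = 'CN=Example Smartcard CA,O=Example,C=US';
$good = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_I_DN' => $issuer,
         'SSL_CLIENT_S_DN' => 'CN=Doe\, Jane,OU=People,O=Example,C=US'];
$bad = ['SSL_CLIENT_VERIFY' => 'NONE', 'SSL_CLIENT_S_DN' => '(null)'];
var_dump(client_cert_cn($good, $issuer));
var_dump(client_cert_cn($bad, $issuer));
```

The array passed in can be the session values copied from the request headers; the check relies on Apache's unconditional RequestHeader set lines overwriting any header of the same name sent by the client.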